In this notice, references to 'us', 'our' or 'we' are to the House of Commons. The Corporate Officer (Clerk of the House) is the Controller of any personal data processed as described in this Privacy Notice. The Data Protection Officer is the Head of Information Rights and Information Security.
If you have any questions about the use of your personal data, please contact us:
- Email: IRIS@parliament.uk
- Telephone: 0207 219 4296
- Post: IRIS Service, House of Commons, SW1A 0AA
Collection of your personal data
When you contact us, visit us, engage with our Parliamentary work, access or use our services either online, by post, in person or by other means, we may collect, store and use your personal data.
The personal data we are collecting and processing may include your name and contact details, such as email address, postal address and phone numbers. We will not collect special category data capable of being linked with your identity without your specific consent. Special category data includes data on race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life, or sexual orientation.
When we collect your data we will notify you about what information we are collecting and our intended uses. When we collect your data pursuant to a Parliamentary function subject to Parliamentary privilege, such as for the purposes of a select committee inquiry, we are not required by law to notify you of the information we are collecting and the intended uses for that information, but will normally do so as a matter of good practice.
Use of your personal data
We consider that, under the GDPR, the lawful basis for processing your data is that we are engaged in a public task. Specifically, processing this data is necessary for Parliamentary functions, in this case, the scrutiny functions of a select committee. The operation of the GDPR in relation to data collected and processed pursuant to Parliamentary functions is modified by the Data Protection Act 2018 and our use of your data is set out below.
Details about the lawful basis for processing personal data can be found on the Information Commissioner’s website here.
Storage and retention of your personal data
The retention and disposal of your personal data will be in accordance with our Authorised Record Disposal Practice (ARDP) ( PDF 713 KB). In connection with committee inquiries, we may lawfully retain your data for archiving in the public interest and this may amount to indefinite retention. Where the data held are subject to the requirements of Parliamentary privilege, we will continue to consider requests for personal data to be removed from historic evidence on a case by case basis in accordance with our ARDP. At the end of the retention period, your personal data will be disposed of securely.
Disclosure and security of your personal data
We may disclose your personal data to third parties when permitted to do so including:
- with your consent;
- where we have a contract with a processor acting on our behalf;
- if we have a lawful basis for doing so;
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. This includes providing your personal data to other organisations, such as the Police, for the purposes of prevention and detection of crime.
We may also share your personal data with other organisations where there is a lawful basis for doing so, such as the House of Lords administration (which is a separate Controller) for the provision of shared services to you.
We will never share or sell your personal data to other organisations for direct marketing purposes.
All personal data you provide to the House of Commons will be stored securely, both physically and electronically, in accordance with our policies. We have an information security process in place to oversee the effective and secure processing of your personal data.
In addition, we (or processors acting on our behalf) may also store or process your personal data in countries outside the European Economic Area but only where we are assured of the security of the data. We have put in place technical and organisational security measures to minimise the possibility of the loss or unauthorised access of your personal data.
We will ensure you can exercise your rights in relation to the personal data you provide to us. These are as follows:
- You can request access to the personal data we hold about you at any time by contacting the Data Protection Officer whose contact details are found at the top of this notice.
- Where consistent with Parliamentary privilege, you can ask us to update your personal data if it changes. In certain circumstances, you can request we erase the personal data we hold, or ask us to stop or restrict processing if you have an objection. Where Parliamentary privilege applies, we may consider on a case by case basis a request to modify or erase the personal data we hold in our historic records.
- You can ask for a copy of your information in a machine-readable format to allow you to obtain and reuse your personal data for your own purposes across different services (the right to data portability).
- If you have any privacy-related questions or unresolved problems relating to the use of your personal data, you may contact us to complain by contacting the Data Protection Officer whose contact details are found at the top of this notice.
You also have the right to complain to the Information Commissioner’s Office, the supervisory authority, about our collection and use of your personal data. They can be contacted at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or www.ico.org.uk.
Further details about your rights and the complaints process can be found on the Information Commissioner’s website here.